Can I configure a /30 transport network and a /29 usable on the same router?

Can I configure a /30 transport network and a /29 usable on the same router? It would be a Cisco 891. Comcast used to just give us a /29 usable which we configured on our 891 and everything was great. Now they give us a /30 for transport and a /29 usable. The only way I know how to do it is to have one router with one interface facing the internet with the /30 and one IP address from the /29 on the other interface. Then use a second router with one interface with an IP address from the /29 and point the default route to the first router. My client is not crazy about buying 2 routers for every location. I was able to get Comcast to provision only the /29 but it was a big hassle and their internal ACLs were causing all kinds of problems.

Absolutely. There are multiple ways to do it, depending on your needs.

If you want to just use the /29 as a NAT pool, you can configure the /30 on the WAN interface and start adding NAT entries using the /29 addresses, keeping the LAN interface private.

If you need a different configuration, post an outline of what you'd like and I'll advise as best I can. You won't likely need two routers regardless.

Jody

ktylman (Author) Commented: 2016-01-14

I would like to have an IP address from the /29 on an interface, maybe a VLAN interface, and be able to control access to it with an ACL and be able to telnet into it. However, your idea is interesting. Would the default route to the Comcast side of the /30 apply to both subnets? Could I do static NATs with this configuration? I assume I would control access to both subnets with the ACL on the WAN interface. Trying to get my head around this...

The default route would only be on the WAN interface with the /30 and inbound ACLs would also be applied on this interface.

If you want to actually put the /29 on a VLAN so that machines can be physically assigned IP addresses from this range, that's certainly possible. On the other hand, if you're just using the /29 as a NAT pool, that gives you two more addresses to work with – NAT pools not being subject to the normal restrictions on actual IP subnets.
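A single-router IOS layout for the approach described in this thread, added here as an illustration; it is not the configuration the answerer posted. All public addresses are constructed documentation ranges, the names WAN-IN, NAT-LAN, PUBLIC-29, FW and the host 172.24.0.10 are hypothetical, and it assumes an IOS image that includes `ip inspect` (CBAC).

```cisco
! Constructed addressing, not from the thread:
!   /30 transport : 192.0.2.0/30     ISP side .1, router side .2
!   /29 usable    : 198.51.100.8/29  used only as NAT addresses
!   LAN           : 172.24.0.0/24    private example range
!
! Stateful inspection so replies to outbound sessions pass WAN-IN
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
interface GigabitEthernet0
 description WAN - /30 transport
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
 ip access-group WAN-IN in
 ip inspect FW out
!
interface Vlan1
 description LAN - private addressing
 ip address 172.24.0.1 255.255.255.0
 ip nat inside
!
! One default route, via the ISP end of the /30. The ISP routes the
! /29 to 192.0.2.2, so no interface has to own a /29 address.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Outbound PAT for LAN hosts, sourced from one /29 address
ip access-list standard NAT-LAN
 permit 172.24.0.0 0.0.0.255
ip nat pool PUBLIC-29 198.51.100.9 198.51.100.9 prefix-length 29
ip nat inside source list NAT-LAN pool PUBLIC-29 overload
!
! Static one-to-one NAT for an inside server
ip nat inside source static 172.24.0.10 198.51.100.10
!
! Inbound filter. An ACL applied inbound on the outside interface is
! checked before NAT translates the destination, so entries match the
! public /29 address, not the private one.
ip access-list extended WAN-IN
 permit tcp any host 198.51.100.10 eq 443
 deny   ip any any log
```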

I am liking this. Wouldn't the IP NAT inside command go on the LAN interface? Also, if I need a VPN tunnel, I assume the crypto map command would go on GigabitEthernet0. And if I don't need to assign machines IP addresses on the 172.24.0.0, I don't need a VLAN interface in this network.

The "ip nat inside" would go on the LAN interface, per the above configuration.

If you're using a crypto map for VPN, you'll definitely put that on the WAN interface and source from the /30. (I advise using Tunnel interfaces rather than crypto maps for modern configurations, but that's another topic.)

I only used 172.24.0.0 as an example of a private IPv4 address range. You would substitute that and the Vlan1 interface with whatever private IPv4 range and interface you're using for your LAN.

ktylman (Author) Commented: 2016-01-14

I was confusing the /29 with the private network. My bad. Thanks for your quick and very helpful response!